Taoyuan City Government Website Security Policy
To protect the security of your and this website’s information, “Taoyuan City Government Website” (hereinafter referred to as “the Website”) has enacted the following website security policy in accordance with the spirit of “Personal Information Protection Act” to describe the Website’s measures regarding information security.
1. Applicable Scope of Policy:
The following website security policy applies to the collection, application and protection of personal information involved in the browsing of the Website. However, it does not apply to the links to other websites set up on the Website. When you click and link to other websites, it applies to each website’s security policy.
2. Information Access Control:
Set system access policies and authorization regulations and inform staff and users of their relevant authorities and responsibilities in writing, electronic or other measures.
Resigned (suspended) staff shall immediately cancel the authorities of all the information resources, and such act shall be included in necessary procedures of resignation (suspension). Adjustment and mobilization of staff positions shall follow the authorization regulations of system access to demand the staff to adjust its authority within a time limit.
Establish a management system of user registration to enhance the management of user access password. In principle, user password update cycle shall not exceed six months at maximum.
To the system service providers repairing system through remote login, the security control shall be strengthened. The personnel list shall be established, and the personnel on the list shall take relevant security and non-disclosure responsibilities.
Establish an information security audit system to conduct information security audits regularly or irregularly.
3. Website Security Measures and Regulations
Any unauthorized attempts to upload or change the services and related information provided by the Authority are strictly prohibited and may be in violation of laws. For the purpose of website security and to ensure that this service can be continually provided to all internet users, the Website provides the following security measures:
For the outlets connected to the outside network, a firewall has been established to control the data transmission and resource access on external and internal network, and strict identification procedure has been implemented.
Use a network intrusion detection system to monitor network traffic to verify unauthorized attempts to upload or change page information or wilful destroy.
Install anti-virus software and implement regular virus scanning to provide users with a more secure web browsing environment.
Establish system backup facilities and regularly carry out the necessary backup of information, software and backup operations in order to promptly recover normal operations in the event of disasters or failure of storage media.
From time to time simulate hacking attacks, drill system recovery procedures in the event of a security incident and provide appropriate levels of security defenses.
Confidential and sensitive information or documents are not stored in an open information system and confidential documents are not sent by email.
Automatically receive all security notices emailed from the relevant operating system suppliers or application suppliers and install the appropriate patching application (PATCH) as recommended by e-mail.
Internet data transmission cannot be guaranteed 100% secure; however, the Website will strive to protect the security of the Website’s information and your personal information; in some cases, the standard SSL security systems are used to protect the security of data transfer. However, as the data transmission process involves the security situation of your online environment, we cannot guarantee the safety of your information transmitted or received. You should be aware of and bear the risk of data transmission on the internet. Please understand that the consequences of this part are beyond the control of the Website.
4. Firewall Security Management
The firewall has a forwarding server (such as a proxy server) equipped with network service for forwarding and controlling the network services such as Telnet, FTP and WWW.
Firewall is the hub of the entire network of the City Government. One backup of the firewall’s host and software should be prepared for contingencies.
This authority’s firewall system usually records the events of the entire network. The information of the records shall at least include the date and time of the event, the beginning and ending IP address, the communication protocol and other items, so as to facilitate the usual management and audit work in the future.
The City Government’s firewall log files are reviewed and analyzed by the firewall administrator to discover whether there is any abnormality. Log files shall be preserved for more than one year.
The City Government’s firewall host can only be logged in by system terminal and cannot be logged in by any other way, which is to ensure the security of firewall host.
The City Government’s firewall security control settings shall be reviewed frequently and make necessary adjustments to ensure the proper safety control objectives.
The City Government’s firewall system regularly makes data backup, and it can only make stand-alone backup but cannot use the internet and other ways to backup data.
The version of the City Government’s firewall system software is frequently updated in order to defend a variety of network attacks.
5. Work Principle of Data Backup
In principle, the backup of important information shall be maintained at least three generations.
The backup materials shall have proper physical and environmental protection. The safety standards shall be as same as the safety standards of the main workplaces as far as possible. The security control measures for computer media in the main workplaces shall be applied to the backup workplaces as far as possible.
Regularly test the backup data to ensure the availability of backup data.
6. Work Principle of Data Recovery
While operating data recovery work, check the consistency and integrity of the data.
Regarding the data recovery work, except sudden major events, which result in the failure of the recovery of operation of host or internet, the data will be back to normal within 24 hours and the backup data within 2 days can be guaranteed. After the data has been recovered, the program and database can immediately be back to normal operation.
The backup data shall be regularly tested to ensure the availability of backup data.
After the completion of the data recovery procedure, the relevant unit staff shall observe for three days to ensure that the system operates normally and the new data is correct.
7. Regarding the modifications to the security policy of the Website, due to the rapid development of science and technology, the incomplete of the relevant laws and regulations and unpredictable environmental changes in the future, the Website will revise the description of the security policy provided on the Website as necessary to implement the idea of ensuring network security. After the modification to the Website’s security policy has been completed, we will immediately publish it on the Website and highlight it to remind you to click to read.
8. If you have any questions or comments regarding the above terms, please feel free to contact us through the contact information shown on the Website.